HP (Hewlett-Packard) FIPS 140-2 Computer Drive User Manual


 
Security Policy, version 1.0 January 31, 2008
HP StorageWorks Secure Key Manager
Page 17 of 26
© 2008 Hewlett-Packard Company
This document may be freely reproduced in its original entirety.
| Key | Key Type | Generation / Input | Output | Storage | Zeroization | Use |
|---|---|---|---|---|---|---|
| KRsaPub | Server RSA public key (1024- or 2048-bit) | Generated by ANSI X9.31 DRNG during first-time initialization | In plaintext a X509 certificate. | In non-volatile memory | At operator delete request | Client encrypts Pre-MS. Client verifies server signatures |
| KRsaPriv | Server RSA private key (1024- or 2048-bit) | Generated by ANSI X9.31 DRNG during first-time initialization | Never | In non-volatile memory | At operator delete or zeroize request | Server decrypts Pre-MS. Server generates signatures |
| CARsaPub | Certificate Authority (CA) RSA public key (1024- or 2048-bit) | Generated by ANSI X9.31 DRNG during first-time initialization | In plaintext | In non-volatile memory | At operator delete request | Verify CA signatures |
| CARsaPriv | CA RSA private key (1024- or 2048-bit) | Generated by ANSI X9.31 DRNG during first-time initialization | Never | In non-volatile memory | At operator delete or zeroize request | Sign server certificates |
| Cluster Member RsaPub | Cluster Member RSA public key (1024- or 2048-bit) | Input in plaintext | Never | In volatile memory | Upon session termination | Verify Cluster Member signatures |
| TLS Ks | TLS session AES or 3DES symmetric key(s) | Derived from MS | Never | In volatile memory | Upon session termination | Encrypt and decrypt data |
| TLS Khmac | TLS session HMAC key | Derived from MS | Never | In volatile memory | Upon session termination | Authenticate data |
Table 13 details all cipher suites supported by the TLS protocol implemented by the module. The suite names in the
first column match the definitions in RFC 2246 and RFC 4346.
Table 13 – Cipher Suites Supported by the Module’s TLS Implementation in FIPS Mode
| Suite Name | Authentication | Key Transport | Symmetric Cryptography | Hash |
|---|---|---|---|---|
| TLS_RSA_WITH_AES_256_CBC_SHA | RSA | RSA | AES (256-bit) | SHA-1 |
| TLS_RSA_WITH_AES_128_CBC_SHA | RSA | RSA | AES (128-bit) | SHA-1 |
| TLS_RSA_WITH_3DES_EDE_CBC_SHA | RSA | RSA | 3DES (168-bit) | SHA-1 |
Other CSPs are tabulated in Table 14.
Table 14 – Other Cryptographic Keys, Cryptographic Key Components, and CSPs
| Key | Key Type | Generation / Input | Output | Storage | Zeroization | Use |
|---|---|---|---|---|---|---|